This is not working for me because uses the laravel_session cookie data to persist login and return a new access_token without ask for credentials again, redirecting to the callback page directly.
Laravel destroy the session after a while or when the browser is closed but it's a problem when I want to change user to login because I have to wait or close everything.
Maybe the problem is the session based login, but there is no much info about it.
I would like to know if it has happened to you and if anyone could solve it.
Sorry about my english, is not my mother tongue. And thanks again!
Maybe you should try to revoke the token and clear the users session, maybe that will do it. But I don't know if this is the right way to logout some user...
After several trials, I came up with a solution (not an elegant one I guess) that works.
It's a mix from logout from the API guard (api.php routes with auth:api middleware), revoking the token:
publicfunctionlogoutAPI(){Auth::user()->token()->revoke();$tokenId=Auth::user()->token()->id;$tokenRepository=app('Laravel\Passport\TokenRepository');$refreshTokenRepository=app('Laravel\Passport\RefreshTokenRepository');$tokenRepository->revokeAccessToken($tokenId);$refreshTokenRepository->revokeRefreshTokensByAccessTokenId($tokenId);returnresponse()->json(['msg'=>'You have been succesfully logged out'],200);}
And in the web guard (web.php routes), kill the session:
publicfunctionlogoutSession(Request$request){Auth::guard('web')->logout();Session::flush();//the frontend sends a logout_uri query string to redirectreturnresponse()->redirectTo($request->query('logout_uri'));}
In the frontend I send an axios post request to the logoutAPI route and then call the logoutSession route. Here is the code using the @nuxtjs/auth-next module.
logout(){this.$axios.get('/api/logout').then(response=>{this.$auth.reset();//deletes tokens in nuxt appthis.$auth.logout();//redirects to logoutSession this.$axios.setHeader('Authorization',null);}).catch(error=>console.log(error.response));}
This way, every time I logout from the app and login again, the credentials are required and doesn't persists.
Thanks for your replies, I hope this helps someone!
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Yes, not only using
but also like indicates the docs:
Laravel - revoking tokens
This is not working for me because uses the
laravel_session
cookie data to persist login and return a newaccess_token
without ask for credentials again, redirecting to the callback page directly.Laravel destroy the session after a while or when the browser is closed but it's a problem when I want to change user to login because I have to wait or close everything.
Maybe the problem is the session based login, but there is no much info about it.
I would like to know if it has happened to you and if anyone could solve it.
Sorry about my english, is not my mother tongue. And thanks again!
Maybe you should try to revoke the token and clear the users session, maybe that will do it. But I don't know if this is the right way to logout some user...
After several trials, I came up with a solution (not an elegant one I guess) that works.
It's a mix from logout from the API guard (
api.php
routes withauth:api
middleware), revoking the token:And in the web guard (
web.php
routes), kill the session:In the frontend I send an axios post request to the
logoutAPI
route and then call thelogoutSession
route. Here is the code using the@nuxtjs/auth-next
module.This way, every time I logout from the app and login again, the credentials are required and doesn't persists.
Thanks for your replies, I hope this helps someone!